When the notion of enlisting smartphones to help fight the COVID-19 pandemic first surfaced last spring, it sparked a months-long debate: should apps collect location data, which could help with contact tracing but potentially reveal sensitive information? Or should they take a more limited approach, only measuring Bluetooth-based proximity to other phones? Now, a broad survey of hundreds of COVID-19-related apps reveals that the answer is all of the above. And that has made the COVID-19 app ecosystem a kind of wild, sprawling landscape, full of potential privacy pitfalls.
Late last month, Jonathan Albright, director of the Digital Forensics Initiative at the Tow Center for Digital Journalism, released the results of his analysis of 493 COVID-19-related iOS apps across dozens of countries. His study of those apps, which tackle everything from symptom-tracking to telehealth consultations to contact tracing, catalogs the data permissions each one requests. At WIRED’s request, Albright then broke down the dataset further to focus specifically on the 359 apps that handle contact tracing, exposure notification, screening, reporting, workplace monitoring, and COVID-19 information from public health authorities around the globe.